Only do restricted join rules signature checks for room versions 8/9. (#10927)

Otherwise the presence of a (bogus, unused) field could cause auth checks to fail.
3 years ago · c3ccad7785
parent a8bbf08576
commit c3ccad7785
2 changed files with 3 additions and 1 deletions
--- a/changelog.d/10927.bugfix
+++ b/changelog.d/10927.bugfix
@ -0,0 +1 @@
+Fix a bug introduced in Synapse v1.40.0 where the signature checks for room version 8/9 could be applied to earlier room versions in some situations.
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@ -113,7 +113,8 @@ def check(
                raise AuthError(403, "Event not signed by sending server")

        is_invite_via_allow_rule = (
-            event.type == EventTypes.Member
+            room_version_obj.msc3083_join_rules
+            and event.type == EventTypes.Member
            and event.membership == Membership.JOIN
            and "join_authorised_via_users_server" in event.content
        )
				`@ -0,0 +1 @@`
				`Fix a bug introduced in Synapse v1.40.0 where the signature checks for room version 8/9 could be applied to earlier room versions in some situations.`